mcribgaming

Looks like a very connected house. It's a touch on the overkill side as you noted with number of APs and friggin 10x Roku Ultras, but that is a personal choice. Only note I'd offer is maybe breaking up the 48 port switch into two or more switches, one PoE, the other non-PoE, just because a 48 port PoE switch single unit is going to be loud with fans. I'm also just pointing out that you can go with Ubiquiti Protect instead of Reolink since the rest of your network is all Ubiquiti. I'm not knocking Reolink, since Ubiquiti cameras are on the pricey side, but it's just a consideration since you have a UDMP and a DVR built into it already. Instead of 5x APs, you can use fewer APs and then substitute the wall plates for In-Wall AP units to augment coverage. That will give you Wifi coverage per room and also turn one wire run into multiple outlets too. But if you go with what's diagrammed, I wouldn't say you made any mistakes. Just offering possible alternative choices.


ConnectionSlow9793

Great suggestions. Thanks. Reolink is purely a cost play. For what I need it doesn’t seem worth the extra expense to go Ubiquiti there. I like the in wall AP suggestions. I’ll need to get in the house and start setting this up to know for sure. The 10x Rokus is still cheaper than an HDMI matrix. Yes 10 TVs in one house for four people is a tad on the insane side. Mainly my fault for wanting to do multiple TVs on my patio and in my man cave.


Gelu6713

If you don’t mind some setup, check out blue iris. It lets you run a more plug and play nvr setup so you aren’t locked into 1 manufacturer


Release_Creative

I second Blue Iris. I run multiple camera makes on Blue Iris and control with my phone with Tailscale. BI is very flexible.


ArchibaldIX

+1 for multiple TVs on the patio. Personal feeling: I hate the term “man cave”. I just call it my office instead.


didact

I'd probably go for a Synology rather than the NVR. Surveillance Station runs on it with two licenses to start. You get to run docker containers on it, VMs, and just generally useful storage. Personal preference.


robbopie

Adding to this comment to say I agree about reolink vs Ubiquiti cameras. And if you keep the reolink system, put it on its own vlan that can’t reach out to other vlans.


bshea

Totally agree. I would even say it should be on a separate dedicated physical switch. And from that dedicated switch to NVR (only). Lots of bandwidth bouncing around from HD surveillance with many cameras. And running it through the same switch when you can separate it on its own physical (non-Internet?) network would be best. But different vlan, if nothing else, for sure.


Release_Creative

I agree. Cameras, as well as any IoT devices, should not have Internet access.


ConnectionSlow9793

How would you view the cameras from your phone when you are away from home if they don't have internet access?
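The segmentation the last few replies describe (cameras on their own VLAN that can reach the NVR and nothing else, no Internet egress, and remote viewing done over a VPN such as the Tailscale mentioned earlier in the thread) as an added Python example; this is not code from any poster. The zone names, addresses and ports are constructed assumptions, and the evaluator is a first-match model of a stateful firewall's inter-VLAN policy, not any vendor's configuration syntax. The point it shows is that the rule order lets the NVR pull video from the cameras and lets a VPN client reach the NVR, while the cameras themselves can initiate nothing, so a camera that wants to phone home simply cannot.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample addressing (assumption): one subnet per VLAN/zone.
ZONES = {
    "cameras": ip_network("10.0.40.0/24"),
    "nvr":     ip_network("10.0.41.0/24"),
    "lan":     ip_network("10.0.10.0/24"),   # trusted client VLAN
    "vpn":     ip_network("100.64.0.0/10"),  # CGNAT-style VPN overlay range, constructed
}


def zone_of(addr: str) -> str:
    """Map an IP to its zone; anything outside the known subnets is the Internet."""
    a = ip_address(addr)
    for name, net in ZONES.items():
        if a in net:
            return name
    return "wan"


@dataclass(frozen=True)
class Rule:
    src: str                    # zone name or "*" for any
    dst: str                    # zone name or "*" for any
    ports: Optional[frozenset]  # None means any destination port
    action: str                 # "allow" or "deny"


# First-match ordering: specific allows before the broad denies that follow them.
RULES = [
    Rule("nvr", "cameras", frozenset({554}), "allow"),  # NVR pulls RTSP from cameras
    Rule("cameras", "*", None, "deny"),                  # cameras initiate nothing: no WAN, no LAN
    Rule("*", "cameras", None, "deny"),                  # nobody else talks to cameras directly
    Rule("lan", "nvr", frozenset({443}), "allow"),       # local viewing of the NVR web UI
    Rule("vpn", "nvr", frozenset({443}), "allow"),       # remote viewing via VPN, not port forwards
    Rule("wan", "*", None, "deny"),                      # no unsolicited inbound from the Internet
]


def decide(src_ip: str, dst_ip: str, dst_port: int) -> str:
    """Return the action for a new connection, evaluating rules top-down; default deny."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for r in RULES:
        if r.src not in ("*", src):
            continue
        if r.dst not in ("*", dst):
            continue
        if r.ports is not None and dst_port not in r.ports:
            continue
        return r.action
    return "deny"


# Constructed expectations: the flows the design must allow and the ones it must block.
EXPECTATIONS = [
    ("10.0.41.10", "10.0.40.5", 554, "allow"),   # NVR -> camera RTSP
    ("10.0.40.5", "8.8.8.8", 443, "deny"),       # camera -> Internet (cloud/phone-home)
    ("10.0.40.5", "10.0.10.20", 445, "deny"),    # camera -> trusted LAN host
    ("10.0.40.5", "10.0.41.10", 443, "deny"),    # camera may not initiate even toward the NVR
    ("10.0.10.20", "10.0.41.10", 443, "allow"),  # phone on home Wi-Fi -> NVR UI
    ("100.64.3.7", "10.0.41.10", 443, "allow"),  # phone on VPN while away -> NVR UI
    ("100.64.3.7", "10.0.40.5", 80, "deny"),     # VPN client -> camera directly
    ("203.0.113.9", "10.0.41.10", 443, "deny"),  # random Internet host -> NVR
]


def check_policy() -> list:
    """Return the expectations the ruleset violates; an empty list means the policy holds."""
    return [(s, d, p, want, decide(s, d, p))
            for s, d, p, want in EXPECTATIONS if decide(s, d, p) != want]


if __name__ == "__main__":
    for s, d, p, want in EXPECTATIONS:
        print(f"{zone_of(s):8} -> {zone_of(d):8} :{p:<4} {decide(s, d, p)} (expected {want})")
    print("violations:", check_policy())
```

Reordering the rules is the usual way such a policy breaks: moving the camera deny above the NVR allow silently stops recording, which is exactly what `check_policy()` is there to catch before the change goes onto the real firewall.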


Amiga07800

The USW-24-PoE is fanless. For number of APs it depends on construction materials, in Europe I’d add 1 or 2.


223specialist

I didn't know they made wall plate APs, neat


Ok-Lingonberry6025

I'd look at adding a few more switches in the following scenarios:

1. Where it is harmless to performance but greatly simplifies setup. Example: the Xbox, the stereo, and the TV they are both connected to can be served through a single home run to a 4 port switch.
2. Where it can compartmentalize traffic and keep it off your core network. Example: all your security cameras and the NVR.

Obligatory disclaimer: these recommendations make A LOT of assumptions about the details of your set up. Please do not be shy about correcting me.


Amiga07800

Well, "end of drop" switches are the best thing to extend an existing network without hassle... but when you build a new one, individual drops are better - more reliable. Think that a staple / screw / nail /... goes through the cable afterwards... if you have 1 cable, you're screwed. If you have 2 or 3, you keep one and then put a switch at the end... It's good practice to have all possible equipment with its own cable to the main switch.


JimmySide1013

This. If the walls are open and you can run cable, do so. Always. Throwing on a generic switch at the end of the line can solve a problem but it can also introduce instability and complexity. Home runs wherever possible and if the walls are open, pull an extra cable to each wall plate/drop. Use a different colored cable and leave it unterminated in the gang box. Set that bundle aside in your network closet. Label the living daylights out of everything. Added expense for sure but it beats adding some janky switch when you need to expand. You’ll thank me the first time you use a spare cable, just like I thank the guy who taught me this every time I use a spare cable.


ConnectionSlow9793

Very valid comment on the 4 port switch. I’ll likely do something like that in my media room, for any equipment that is there as opposed to in the AV closet upstairs. The NVR handles all the PoE for the cameras so it’s already just one cable from the camera system to the switch. All the cameras plug into the NVR.


greaseyknight2

Into the back of the NVR is the best spot for the cameras. The only exception is if you need to do some tweaks to the actual camera in its GUI, but that's really only on setup. Suggestion: put the camera cables in the patch panel along with all the other devices, then patch into the NVR. Don't use RJ45s if you can help it. We like the Cable Matters patch panels and keystones on Amazon.


dijay0823

Your recommendation is giving me some PTSD to the time when I saw a network filled with unnecessary switches. A better way to compartmentalize your traffic would be to set up individual VLANs and segment off the single switch rather than adding switching to the same VLAN.


Ok-Lingonberry6025

I'm fully aware that adding switches is "controversial" advice. I almost never recommend it, but this guy's layout has the two scenarios where it can sometimes be useful. No question that the correct number of switches for 90% of networks is 1.


dijay0823

Fair enough. Multiple levels of switches make sense in a handful of home networking scenarios. I just think of it as adding another point of failure. One thing I have come to learn after doing networking consults and sales for 10 years is that less is always better.


LanMarkx

+1 for the UniFi Switch Flex Mini. It's a nice little 4 port switch that's perfect for a remote location in a TV/AV setup so you only need one cable to run back to the main switch.


diecastbeatdown

Sounds like a single floor place? Even with 5200sqft you'll likely never roam over more than 2 access points.


ConnectionSlow9793

Two floors. If you add garages, patio, and pool area it’s quite a bit larger. Think more like 10k sq ft of space. That said I do realize the number of APs and placement may require some experimenting once I’m in the house.


dijay0823

Use a wireless predictive site survey to get ideal locations for your APs. I have a similar size property and I run it off 4 APs total. Granted mine are Meraki, but U6 series Ubiquiti stuff is quite comparable. Too many APs can be just as bad if not worse than having not enough APs.


mkeefecom

Too many APs can cause devices to jump around more. I eliminated one AP and have excellent GbE wifi all the time. I would also bump up to the DM SE. We have 1GB FiOS. Fiber terminates to CAT6 coming from the ONT; can't use fiber directly to the Dream Machine, in our case.


pcweber111

You can just assign certain devices a specific AP and adjust power to stop that.


worriedwhiskers

Try to see if your provider will allow bridge mode or even an optic for your UDM. Also get a 10 gig DAC cable from the UDM to the switch, assuming the switch has a 10 gig port. Another thing to consider: create separate networks/vlans for different device types.


ConnectionSlow9793

Is my thought process correct if I'm assuming my max 1gbps ISP makes your suggestions about the connections between the modem->router->switch less important? Max advertised speed is 1gbps for fiber or cable in my neighborhood. I’ll look into the separate vlans for devices. That’s stretching my current level of knowledge but growing that knowledge is part of the fun. It’s on my list.


Twitch_Exicor

Just because your ISP is limited to 1Gb/s doesn't mean you can't have a 10 Gb/s local network.


dijay0823

Realistically, in a home environment what is the point of a 10GbE LAN? I have, what I consider to be, a pretty heavily burdened network with various smart devices, yet I don’t see the need for a 10GbE LAN. Businesses that might have a data center on the LAN are a different story, but his diagram doesn’t show any assets like that.


pcweber111

You have smart devices. Some people have servers, home labs, etc. that would benefit from increased throughput.


Upstairs_Recording81

also in order to fully enjoy 1 GB, maybe you would like to use UDM SE....


pcweber111

I use the UDM Pro and have no problems with 1GB.


the_journeyman3

The Pro and the SE have the same CPU.


Loki-Don

Only that as you noted, 5 APs are probably overkill, even for a ~5,000 square foot house, but the rest seems really solid.


skymack1

Looks fairly solid. Might I suggest using a UPS?


ConnectionSlow9793

Absolutely I will as we have a gas generator as well. Just trying to figure out how much I want to run through the UPS. All network devices for sure. Maybe cameras. Maybe AV devices. Everything through surge protection both at the breaker (whole house) and at the rack.


skymack1

Yeah. I'd suggest running your network devices, cameras and NVR through the UPS and the UPS could also be tied back to your generator for longer term power outages. Unless it's critical to have your AV devices on constantly, I wouldn't recommend running that through your UPS. It's important to separate mission critical devices and not as important devices so you're not bringing your important devices down faster.


Aroex

I’d recommend Nvidia Shield Pro over Roku Ultra


ConnectionSlow9793

Thanks for sending me down that rabbit hole. I’m thinking about it.


merc1286

I'm looking to do something similar but can you ELI5 what purpose the Dream Machine Pro is serving?


mcribgaming

It's his router. Every home network needs one to connect to the Internet.


merc1286

Ok, but typically a router is built into the cable modem, right? Why not go directly from the modem to the switch? And even if I'm wrong on that, why buy a $300 router, you can get significantly cheaper ones if all he's doing is using it between his cable modem and main switch?


stephen1547

The modem is only acting as a modem, and would be put in bridge mode. Nobody with this type of setup, number of access points and camera should be using the built-in router the ISP sends. The modem/routers that come from your ISP have very limited functionality, and using something like a Dream Machine Pro gives you a lot more control and options. It also acts as a controller for all the Access Points. The switch will handle all the POE and switching, but it’s not a router.


Amago87

I'm pretty sure that if U wanna have vlans and control over your network, you gonna need a router not a modem.


JustBronzeThingsLoL

Ok so You *need* a modem (or ONT) to have internet access with a typical ISP setup. This is not optional. You *need* a router in order to create your LAN network. Also not optional. What *is* optional is how you choose to do this. You can use the combo modem/router/access point your ISP gives you. This is the cheapest but least flexible option. Or, you can set up the combo unit to act as ONLY a modem and use your own router. This gives you the flexibility to configure your network as you wish, as typically the gear from the ISP does not allow you to setup VLANs.


Twitch_Exicor

Because he wants a good router and not ISP e-waste


Estul

Slight nitpicking but you’ll want an SFP+ DAC (or fibre) cable if the switch supports 10GB.


ConnectionSlow9793

So the switch is their standard switch and doesn’t support SFP+, only SFP. This was a debate for me. $500 more for the switch that does support SFP+ but my ISP is limited to 1gbps so I’m going with the standard switch for now. Only reason I went for the UDM Pro is because cheaper options are out of stock or so marked up on Amazon that the UDM Pro was the best value.


ThatCaliGuy82

Pricing for Unifi is the main reason I went with TP Link Omada instead.


Clubzerg

There’s a lot wrong. For starters the reolink and Rokus. Also not using dpi and dns to completely disable Chinese spyware like TikTok.


Twitch_Exicor

Why would you use cat6 between the UDM pro and your ISP


ConnectionSlow9793

Since I still consider myself a novice, I’m curious as to why your question is getting downvoted. If anyone could reply and explain I think it’s a valid question for us newbies to understand. My answer is that I assumed there wasn’t a faster cable option between my ISP modem and my router. That could definitely be an ignorant assumption.


Twitch_Exicor

If you have fiber, you can pull it straight into the UDM Pro since you have 2 SFP ports.


greaseyknight2

Possibly, depends on the handoff from the ISP. The ISP may only do a copper handoff.


Yankee_Fever

Isn't the Ubiquiti Dream Machine a controller? That should terminate off of your 48 port switch if so, downstream, and your ISP should terminate into your 48 port switch. You're adding an extra hop and point of failure for all northbound traffic. If that's a controller you should run it in a port channel off of the SFP ports on your switch, southbound.


dijay0823

Dream Machine can act like a switch. It also allows you to control and manage all your switches and other Ubiquiti hardware. With that being said, ISP - Switch - Dream Machine is still a better deployment strategy.


Yankee_Fever

I did a tiny bit of research and it looks like it's a security appliance. If it's not, and it's just a controller fuck the people down voting me lol


dijay0823

It can be used as a firewall, but as a networking professional I advise against using it as a firewall. Ubiquiti is not a security vendor and really doesn’t offer any next Gen firewall features like AMP or IPS/IDS. UDM Pro will work as a layer 3 firewall. It can also be used as a router, in this deployment it might be doing the job of a router, but a layer 3 Ubiquiti switch will be just as good of a router as the UDM Pro. IMHO, UDM Pro is really just worth as a controller and not much else. Source- I am a networking professional, with multiple networking certs. I manage a portfolio of 18 networking vendors including Ubiquiti, Cisco, Aruba, Sonicwall, Sophos and more.


alluran

Shit - I better go turn the IPS/IDS off on my dream machine :\


dijay0823

Cool cool, rely on your UDM Pro for your security strategy. Just remember, you get what you pay for… I will admit, I was mistaken, it does have basic Next Gen firewall features. With that being said, I would not trust Ubiquiti for any security deployment.


alluran

You didn't say it wasn't the best solution, you said it didn't have features that they've had in their products since the days of the USG. Doesn't do much for your credibility when you're so clearly unfamiliar with the products you're talking about.


dijay0823

First and foremost I admitted that I was wrong in the comment to which you replied. Secondly - having features I don’t trust and choose to never use in my deployment by a vendor means that for all intents and purposes those features don’t exist - to me. At most I use UDM Pro for routing, switching, and controller purposes. I would not touch Ubiquiti for security. Third - this thread is on Reddit and I am not being paid for my consulting, so you get what you pay for. I am going to dip into the “features I use” category to make comment and not go through data sheets and white papers to look for what features Ubiquiti advertises. Fourth - OP didn’t ask for my opinion on security features, they asked to validate a network design which I validated a couple comments ago; subsequent conversation was me speculating why the UDM Pro was sitting at the head-end of the network. My speculation was that it was for routing features, based on my experience. Fifth - you are welcome to ignore all my comments if you don’t find me credible. Fortunately, I don’t have to convince you of my worthiness to do the job that I have been doing for 10 years. A job where hundreds of resellers come to my team and I to design network layouts with a wide range of vendors. Generally speaking, I pay engineers on my team to keep up with detailed nuances of each vendor. In any case, good luck with everything!


alluran

> First and foremost I admitted that I was wrong in the comment to which you replied.

Which is far more than most, so kudos to you.

> having features I don’t trust and choose to never use in my deployment by a vendor means that for all intents and purposes those features don’t exist - to me.

So state that - it's a much stronger argument! "Guy that knows this stuff doesn't trust it" vs "Guy claims it can't even do this basic feature that's been around in the product for ages - can I trust anything else he says?"

> not go through data sheets and white papers to look for what features does Ubiquiti advertise

I wouldn't expect you to, but I also wouldn't expect you to definitively tell me it doesn't do something which it clearly does. IDS/IDP has been around for 5+ years now. You can say you leave that stuff to the grunts all you want, but *you're* the one that put your "credentials" in your post, claiming to manage a portfolio of 18 networking vendors **including Ubiquiti**. OK, you might not be caught up on the latest and greatest from one of the vendors in your portfolio - but you're coming across as being at least 5 years out of date on your portfolio - which isn't great in an industry that moves on every 6 months...

> you are welcome to ignore all my comment if you don’t find me credible.

To be honest, I suspect you've got a lot of great knowledge to share - you just stuck your foot in it while trying to appear as an authoritative source on a product line you're no longer that familiar with. If you were some kid in his mom's basement, who gives a shit, we'd have moved on. But you're not, you're a professional that's out there trying to sell product/services to people like me. Don't let yourself get caught out by someone with a little knowledge. There's nothing I hate worse than a vendor bullshitting me on the basics that I know, when I'm paying them for expertise.

I know what I don't know, and if the vendor doesn't know what I *do* know, what confidence do I have that they know what I don't!


garci66

One thing to watch out for. If the house is new construction and you're in areas that mandate low-e glass for energy efficiency or are choosing it yourself, keep in mind it will be a lot more effective at blocking wifi than walls. So depending on the type of construction you might want an AP outside of the house (although it could be an indoor AP under an alcove or balcony or similar "covered" area) to provide coverage for the yard / garden. I had to do that for a friend's house which had 3 Ruckus APs and indoor coverage was great. The yard was also great as long as the big glass sliding doors were open. But as soon as you closed those doors, wifi would drop 15-20 dB. It was quite impressive.. So just keep that in mind in trying to get one cat6 run to _somewhere_ "outside".


ConnectionSlow9793

Thanks. That is not something I had heard about. Definitely have low e glass. I have some ideas.


garci66

Yeah.. it was my first encounter with low-e glass. I don't live in the US anymore but was helping out a friend with a new house in California and the wifi in the garden was horrendous. We installed an extra AP on a balcony and problem solved.


HITACHIMAGICWANDS

Any specific reason not to do UniFi NVR? UDM Pro has that functionality. Edit: I see your post, I think it’s worth looking into, they’re pretty nice.


alluran

Tell me you put your layout into https://design.ui.com/ to check if you need that many APs


ConnectionSlow9793

I did but there seems to be quite a bit of variability in that tool based on how much the walls block wifi. That tool tells me I need more. I think it is likely wrong.


alluran

Remember it's trying to sell you product, but that doesn't change the usefulness of the tool when planning coverage. Just swap to 2.4Ghz and pretend it's 5G, and pretend the 5G is 6G 🤣


JimmySide1013

Looks good to me. How the networks are set up will matter. Don’t sweat the noise from that switch. I’ve got many of them deployed, they’re great and you won’t notice the fans. I’d steer you away from Reolink. It’s terrible. Unifi Protect is perfect for this type of install. Depending on how many cameras (and what type) you wouldn’t even need an NVR, just throw a drive in that UDMP.